I love you
The catalogue
Franziska Nori: I love you
Massimo Ferronato: The VX scene
Sarah Gordon: Structuring ethical curricula
Alessandro Ludovico: Virus
epidemiC: Action sharing
epidemiC: AntiMafia
epidemiC: Audience versus sharing
0100101110101101.0rg: Vopos
Jaromil: :(){ :I:& };:
Jutta Steidl: If ( ) then ( )
Florian Cramer: Language, a Virus?
Csilla BurjŠn: Chronology of Viruses
Humboldt-University of Berlin: Glossary of viruses
Pictures of the exhibition
The Poster
origami digital
SMS museum guide
digitalcraft STUDIO (e)
Virus types and variants

Edited by Humboldt-Universitšt, Berlin
Lutz Stange


File viruses (Program viruses, COM viruses)

File viruses are the best known and most common type of computer virus. They infect executable programs (COM-, EXE-, OVL-, OBJ-, SYS-, BAT-, DRV-, DLL files) and can be activated when such programs are run.

Boot sector viruses

Boot sector viruses (boot viruses) are concealed in the boot sector of hard disks and disks as well as in the hard disk Master Boot Record (MBR). After booting from this data carrier, they can relocate to the main memory and cause permanent damage.

Macro viruses

Macro viruses are found in macros (i.e. automatic program sequences) for documents, tables, graphics, databases, etc. Such viruses may be activated when these files are processed using the corresponding application programs (e.g. Word for Windows).

Hybrid viruses (Multipartite viruses)

Hybrid viruses are combinations of several types of virus, in particular document and boot sector viruses. This makes them equally useful for a variety of propagation methods and consequently renders them more difficult to remove from the system.

Script viruses

A completely new generation of viruses includes the harmful Java applets and in particular script viruses, based on Visual Basic Script. These may not only be hidden in VBS files but in the HTML code as well.

Link viruses/Directory viruses

Link viruses manipulate data carrier entries so that other data carrier sections containing the actual virus code are started before specific programs are queried.

Stealth viruses

Stealth viruses have special mechanisms which enable them to hide from virus search programs. A stealth virus can restore an infected file before it is examined and thus ensure that the infection goes undetected.

Polymorphic viruses

Polymorphic viruses regularly alter their appearance, making it nearly if not entirely impossible for virus scanners, which work by pattern recognition, to detect them.

Slow viruses

Slow viruses are viruses which remain unrecognised for a long period of time because their manipulation of data is minimal. This increases the likelihood of their being transferred to backup data carriers; as a result, the user has no virus-free duplicates or older versions available.

Experimental viruses

If they occur at all, experimental viruses only appear within the scope of LSP programming, infecting the source code. However, they are extremely difficult to program and are paid little notice in the "normal" PC world.


Worms, which are self-copying, are technically not viruses at all as they do not require a host program.

Trojan horses

Similarly, Trojan horses are not viruses in the classic sense (as they are not usually self-copying) but rather software with viral capability concealed behind the names of recognised (harmless) programs. They are capable of implanting viruses or spying out data such as passwords.

Logical bombs

Logical bombs are programs which can cause damage under certain circumstances (reaching a certain date, if a special database record is deleted, if a specially-named file is created).

Direct-action viruses

When an infected program is run, direct-action viruses infect other program files at once and immediately carry out any existing damage routine. The virus then transfers control back to the original program and disappears from the main memory.

ANSI viruses

ANSI viruses are not actually viruses, but merely unusually "charming" manipulations of ANSI character string function keys. They cause no damage unless the ANSI.SYS driver has been loaded.

Denial of service (E-mail bombing)

E-mail bombing entails overwhelming a target system with e-mail messages to such an extent that in extreme cases normal e-mail use is no longer possible.

E-mail viruses

E-mail viruses hide in e-mail attachments and are transmitted to the local computer when these attachments are used.

Sendmail bugs

Sendmail bugs are Trojan horses which are smuggled into the critical Send Mail program, where they then spy out passwords.

DNS attack

A DNS attack causes a user's Internet query to a given computer to be redirected to a third computer. This is useful for such purposes as spying out passwords.

RIP attack

All communication between two computers is rerouted to an external attacker and spied out. The data is then sent to the correct addressee.


Backdoors permit remote control of a computer. This allows an external attacker to manipulate or spy out data via the network.

Keystroke reader

Each keystroke made by the user is secretly read and recorded by a program which has been smuggled into the computer. Passwords may be spied out using this method.

Packet sniffer

Packet sniffers are programs capable of reading data sent by users, recognising passwords and collecting them.

IP spoofing

An attacker creates data packets with a falsified originator address; the receiver computer assumes that this is an internal user and grants access rights.

ICMP attack

ICMP protocols are used for error messages and automatic repairs of network problems. Falsified ICMP protocols can impair network operability.